SSL at GNOME
Certificates are managed differently based on their issuer:
Gandi - certificates.git on puppet-back
Let's Encrypt - /srv/letsencrypt on puppetmaster01-back
Cloning the certificates.git should happen on the target machine itself:
ssh puppetmaster01-back git clone /git/certificates.git
The list of the domains we cover via SSL will follow.
Look into puppetmaster01.gnome.org:/srv/letsencrypt/configurations for all the subdomains that are covered.